From edfc488dce58a83a1bff4a67f7d9af29554e2cef Mon Sep 17 00:00:00 2001 From: Arne Luenser Date: Thu, 11 Jul 2024 13:40:19 +0200 Subject: [PATCH] chore: document per-identity rate limits --- docs/guides/rate-limits.mdx | 77 ++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 32 deletions(-) diff --git a/docs/guides/rate-limits.mdx b/docs/guides/rate-limits.mdx index 50fde672e..21078b11f 100644 --- a/docs/guides/rate-limits.mdx +++ b/docs/guides/rate-limits.mdx 
@@ -10,52 +10,65 @@ Ory Network enforces different rate limit policies based on the environment of y 2. `/admin/oauth2/introspect`: OAuth2 token introspection 3. `/relation-tuples/check`: permission check 4. `GET /admin/identities`: list identities -5. `*`: everything else +5. `POST/PATCH/PUT/DELETE /admin/identities/{id}`: update or delete an individual identity +6. `*`: everything else Each of these policies incorporates two types of rate limits: 1. The `burst` limit, which regulates the maximum number of requests per second, allowing brief spikes in request volume. 2. The `sustained` limit, controlling the number of requests over a one-minute period. +:::note + +The rate limit for `POST/PATCH/PUT/DELETE /admin/identities/{id}` is calculated per identity ID. You can edit several identities +in parallel under the regular limit, but you can only edit a single identity twice per minute. + +::: + ## Developer Plan Rate Limits -| Environment | Path / Bucket | burst (rps) | sustained (rpm) | -| :------------ | :------------------------- | ----------: | --------------: | -| **Developer** | `/sessions/whoami` | 10 | 300 | -| | `/admin/oauth2/introspect` | 10 | 300 | -| | `/relation-tuples/check` | 10 | 300 | -| | `GET /admin/identities` | 1 | 10 | -| | `*` | 5 | 150 | +| Environment | Path / Bucket | burst (rps) | sustained (rpm) | +| :------------ | :--------------------------------------------- | ----------: | --------------: | +| **Developer** | `/sessions/whoami` | 10 | 300 | +| | `/admin/oauth2/introspect` | 10 | 300 | +| | `/relation-tuples/check` | 10 | 300 | +| | `GET /admin/identities` | 1 | 10 | +| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 | +| | `*` | 5 | 150 | ## Production Plan Rate Limits -| Environment | Path / Bucket | burst (rps) | sustained (rpm) | -| :------------- | :------------------------- | ----------: | --------------: | -| **Production** | `/sessions/whoami` | 80 | 1800 | -| | `/admin/oauth2/introspect` | 80 | 1800 | -| | 
`/relation-tuples/check` | 80 | 1800 | -| | `GET /admin/identities` | 10 | 300 | -| | `*` | 40 | 900 | -| **Staging** | `/sessions/whoami` | 10 | 300 | -| | `/admin/oauth2/introspect` | 10 | 300 | -| | `/relation-tuples/check` | 10 | 300 | -| | `GET /admin/identities` | 1 | 10 | -| | `*` | 5 | 150 | +| Environment | Path / Bucket | burst (rps) | sustained (rpm) | +| :------------- | :--------------------------------------------- | ----------: | --------------: | +| **Production** | `/sessions/whoami` | 80 | 1800 | +| | `/admin/oauth2/introspect` | 80 | 1800 | +| | `/relation-tuples/check` | 80 | 1800 | +| | `GET /admin/identities` | 10 | 300 | +| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 | +| | `*` | 40 | 900 | +| **Staging** | `/sessions/whoami` | 10 | 300 | +| | `/admin/oauth2/introspect` | 10 | 300 | +| | `/relation-tuples/check` | 10 | 300 | +| | `GET /admin/identities` | 1 | 10 | +| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 | +| | `*` | 5 | 150 | ## Growth Plan Rate Limits -| Environment | Path / Bucket | burst (rps) | sustained (rpm) | -| :------------- | :------------------------- | ----------: | --------------: | -| **Production** | `/sessions/whoami` | 800 | 18000 | -| | `/admin/oauth2/introspect` | 800 | 18000 | -| | `/relation-tuples/check` | 800 | 18000 | -| | `GET /admin/identities` | 20 | 600 | -| | `*` | 400 | 9000 | -| **Staging** | `/sessions/whoami` | 10 | 30 | -| | `/admin/oauth2/introspect` | 10 | 300 | -| | `/relation-tuples/check` | 10 | 300 | -| | `GET /admin/identities` | 1 | 10 | -| | `*` | 5 | 150 | +| Environment | Path / Bucket | burst (rps) | sustained (rpm) | +| :------------- | :--------------------------------------------- | ----------: | --------------: | +| **Production** | `/sessions/whoami` | 800 | 18000 | +| | `/admin/oauth2/introspect` | 800 | 18000 | +| | `/relation-tuples/check` | 800 | 18000 | +| | `GET /admin/identities` | 20 | 600 | +| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 | 
+| | `*` | 400 | 9000 | +| **Staging** | `/sessions/whoami` | 10 | 30 | +| | `/admin/oauth2/introspect` | 10 | 300 | +| | `/relation-tuples/check` | 10 | 300 | +| | `GET /admin/identities` | 1 | 10 | +| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 | +| | `*` | 5 | 150 | :::note
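Review bot: In the added `:::note` block and in list item 5, the wording does not match the bucket it describes. The bucket is `POST/PATCH/PUT/DELETE /admin/identities/{id}`, but the list item says "update or delete" and the note says "you can only edit a single identity twice per minute". Readers cannot tell from this whether deletes and POST requests to a single identity count against the same two requests per minute. Suggest naming all covered operations in the note, for example "you can only modify or delete a single identity twice per minute", and stating which POST operations on `/admin/identities/{id}` fall into this bucket. It would also help to say how the per-identity limit interacts with the `*` bucket, since "under the regular limit" does not say which bucket parallel edits are counted in. Separately, the re-aligned Growth plan **Staging** row for `/sessions/whoami` still carries `10 | 30`, while every other Staging row in the three tables has `10 | 300`. Since the row is being rewritten here anyway, please confirm whether 30 is intended or fix it in this change.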